What happens when a code signing certificate expires?

If you timestamp your code while the certificate is valid the effect is that your expired certificates are good.

From Thawte Code Signing Certificate FAQs:

How long can I use a Code Signing Certificate for?

  • Code Signing Certificates are valid for 1 or 2 years depending on which life cycle you choose when you purchase the certificate. Please note: For Microsoft® Authenticode® (Multi-Purpose), you should also timestamp your signed code to avoid your code expiring when your certificate expires.

Is timestamped code valid after a Code Signing Certificate expires?

  • Microsoft® Authenticode® (Multi-Purpose) allows you to timestamp your signed code. Timestamping ensures that code will not expire when the certificate expires because the browser validates the timestamp. The timestamping service is provided courtesy of VeriSign. If you use the timestamping service when signing code, a hash of your code is sent to VeriSign’s server to record a timestamp for your code. A user’s software can distinguish between code signed with an expired certificate that should not be trusted and code that was signed with a Certificate that was valid at the time the code was signed but which has subsequently expired.

Leave a Comment